Using SSL (short for Secure Socket Layer) is vital to keeping your site’s visitors safe as well as improving your webpage’s ranking on search engines. Without SSL, the data and information sent between your web server and your site’s visitors can be seen by third parties that are transmitting that data. With SSL, this data is encrypted, and only you and your visitors can see the information, keeping both sides safer.

Let’s Encrypt lets you set up an SSL certificate on your server for free. Their goal was to make SSL a commodity and give everyone the ability to have a safe and secure website. Let’s Encrypt makes the process of installing/renewing certificates easy for most users. This is very useful for making your website secure without needing the technical knowledge that is usually expected. Google and other search engines further encourage securing your website by giving websites that use SSL a higher ranking than websites without SSL.

In this guide, we will use the Certbot tool from EFF (https://certbot.eff.org).

Prerequisites

As a requirement, we need to install the Extra Packages for Enterprise Linux (EPEL) package. You will need a server or VPS running CentOS 7, and a user that has sudo privileges, or access to the root user itself. Assume the following commands described here are performed by the root user. Let’s install the EPEL package:

$ yum install epel-release

Then update the packages in the system to add the new package lists to the package manager:

$ yum update

1. Install and Start Nginx

If you haven’t done so already, install Nginx and start it:

$ yum install nginx

$ service nginx start

You can also set up Nginx to start automatically after the server boots up by running this command:

$ systemctl enable nginx

Now that our Nginx server is running, we can install Certbot.

2. Install Certbot

Now, we will install certbot by running this command:

$ yum install certbot-nginx

The next command will install a Let’s Encrypt SSL certificate using the Nginx plugin. This will automatically modify your Nginx configuration by adding the relevant lines containing the paths to the certificate and private key created by Certbot, before finally reloading Nginx.

$ certbot --nginx

Simply follow the guide that Certbot provides, enter your email, and your server should now have SSL set up!

3. Automating Renewal

A Let’s Encrypt-issued SSL certificate is valid for 90 days. However, we can automate the process of renewing the certificate by adding a cronjob that periodically checks the expiry status of the certificate and renews the certificate if needed.

In the command line, open your crontab file:

$ crontab -e

This will open a text editor where you can add the following:

0 2 * * * /usr/bin/certbot renew --quiet

This line says to run the certbot command at 2:00 am, every day. The –quiet option tells certbot not to produce any output. Save and exit from the editor.

Firewall settings (optional)

CentOS 7 comes with the default firewall program called firewalld. You may choose to completely disable this to guarantee that no connections will be stopped from/to your server. However, if you wish to use it on your system, you need to configure firewalld to allow HTTPS access to your server.

The following command configures firewalld to allow both HTTP and HTTPS connections.

$ firewall-cmd --permanent --add-service=http --add-service=https

Reload the the firewall in order for the changes to take effect:

$ firewall-cmd --reload

That’s all there is to it – you now have your firewall running while still allowing for HTTP and HTTPS requests to come through.

Congratulations! You have successfully set up Let’s Encrypt SSL using Certbot with Nginx support.

While Let’s Encrypt does make their certificate installation pretty straightforward, that’s not all that needs to be done on a website. Our fully managed CentOS support services provide you with complete and comprehensive support and maintenance for your server, including any requests you have for software installation and configuration. We do everything you could ever need for your server’s health and performance.

If this tutorial helped you set up Let’s Encrypt on your CentOS 7 server or VPS, please consider leaving a comment letting us know how it helped, or you can share this post on social media by using our share shortcuts. Thanks.

The post How to Install Let’s Encrypt on CentOS 7 with Nginx appeared first on LinuxHostSupport.

1. Install Dependencies

The first step is the installation of the required packages. Run the following command to install them:

apt-get install python-pip python-dev python-setuptools python-flup libpng12-dev zlib1g-dev libpng-dev libjpeg-dev build-essential

2. Install and configure PostgreSQL database

Install PostgreSQL from the Ubuntu package repository . You can do that using this command:

sudo apt-get install -y postgresql postgresql-contrib

At this point, in order to configure local user authentication, you need to edit the pg_hba.conf  using some text editor, e.g. nano:

nano /etc/postgresql/9.5/main/pg_hba.conf

If you want to activate password authentication using an MD5 hash then you should replace peer with md5 on this line:

local   all          all                  md5

Save and exit. You should restart the PostgreSQL service in order to enable automatic start at system boot and at the same time to enable these changes.

systemctl restart postgresql

systemctl enable postgresql

Create a new PostgreSQL database and user for Askbot installation. In this tutorial, a new database ‘askbot_db’ with username ‘askbot_user’ and password ‘YOUR_PASSWORD’ was created.

You need to login as the postgres user and access the PostgreSQL shell ‘psql’.

su - postgres
psql

Using the next queries you should create a new database named ‘askbot_db’ and a new user ‘askbot_user’ with password ‘YOUR_PASSWORD’.

create database askbot_db;
create user askbot_user with password 'YOUR_PASSWORD';
grant all privileges on database askbot_db to askbot_user;
\q

Now, you have created a new PostgreSQL database for Askbot installation.

3. Install and Configure Askbot Django App

You have installed all packages which are needed for the installation of Askbot and also you have created the PostgreSQL database. The next thing on your list is to install and configure Askbot.

Now, for the installation of Askbot a new user should be created, because the root user won`t be uses for it. You need to create a new user ‘askbot‘ and to give a new password to that user.

useradd -m -s /bin/bash askbot
passwd askbot

Then, you should add the askbot user to the sudo group by the usermod command.

usermod -a -G sudo askbot

You need to create a Symbolic link to /user/bin

sudo ln -s /usr/local/bin/pip /usr/bin/

You have created a new user has been created. The next step is to update python-pip and install virtualenv package. Using the following pip commands you can install these packages.

pip install --upgrade pip
pip install virtualenv

At this point you should log in as the ‘askbot’ user with the su command, and install Askbot.

su - askbot

Next we would need a new virtual environment for the installation of askbot and we can create it with virtualenv command.

virtualenv example_user

To activate the new virtual environment, use the following command:

source example_user/bin/activate

Next you should install Askbot Django app with pip, including psycopg2 for PostgreSQL database connection.

pip install askbot psycopg2

Now, you need to create a new directory for Askbot Django app – we choose to use the name ‘my_app’. You should install Askbot in the created directory.

mkdir my_app/
cd my_app

You can now install Askbot using the following command:

askbot-setup

You should only give the single ‘.‘ and press ‘Enter’ when asked about the Askbot installation directory. In a similar way, by choosing number ‘1‘ you can choose PostgreSQL for database config. Input the database name ‘askbot_db‘, username ‘askbot_user‘ with password ‘YOUR_PASSWORD‘.

pip install six==1.10

Using this command you will generate Django static files directory.

python manage.py collectstatic

In order to continue type ‘yes’ and press Enter.

With the use of the syncdb option you can generate the PostgreSQL database.

python manage.py syncdb

You should type ‘yes’ and then type your admin user, email, and password when asked to create the admin user.

Now you have installed Askbot on the system under the ‘askbot’ user virtual environment. If you want to test the installation of Askbot you can run the runserver command below.

python manage.py runserver 0.0.0.0:8080

If you desire to check the Askbot’ page you need to open your web browser and type the server IP with port 8080.

4. AskBot with Let’s Encrypt SSL

uWSGI supports applications based on Python, Perl, and Ruby. Here, we are going to use uWSGI with the Nginx web server for our Askbot installation. You can install uWSGI using the pip command below.

sudo pip install uwsgi

The next step is the creation of a new directory for the uWSGI site configuration ‘/etc/uwsgi/sites’.

mkdir -p /etc/uwsgi/sites
cd /etc/uwsgi/sites

You need to add new uWSGI configuration file ‘askbot.ini’ to the ‘sites’ directory and then to edit it with nano.

nano  askbot.ini

There, paste the following uWSGI configuration.

[uwsgi]

# Project directory, Python directory
chdir = /home/askbot/example_user/my_app
home = /home/askbot/example_user/
static-map = /m=/home/askbot/example_user/my_app/static
wsgi-file = /home/askbot/example_user/my_app/django.wsgi

master = true
processes = 5

# Askbot will running under the sock file
socket = /home/askbot/example_user/my_app/askbot.sock
chmod-socket = 664
uid = askbot
gid = www-data
vacuum = true

# uWSGI Log file
logto = /var/log/uwsgi.log

5. Install and configure Nginx to use SSL Certificates with AskBot

You have now installed Askbot and it’s running under the uWSGI sock file ‘askbot.sock’. At this point, we are going to use Nginx web server as a reverse proxy for uWSGI application Askbot.

Using the apt command below you can install Nginx from the repository.

apt-get install nginx

Now, using the pip command below, you can install LetsEncrypt.

pip install letsencrypt-nginx==0.7.0

certbot --nginx -d your_domain.com -d www.your_domain.com

Once you have completed the installation, don`t forget to add new nginx virtual host file ‘askbot.conf’.

nano /etc/nginx/sites-available/askbot.conf

You need to paste the following askbot nginx virtual host configuration.

server {
        listen 80;
        server_name your_domain.com www.your_domain.com;
        location / {
        include         uwsgi_params;
        uwsgi_pass      unix:/home/askbot/example_user/my_app/askbot.sock;
   }
 listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}
server {
    if ($host = your_domain.com) {
        return 301 https://$host$request_uri;
    }


        listen 80;
        server_name your_domain.com www.your_domain.com;
    return 404;

}

}

Save and exit.

Next, with the creation of a symlink for ‘askbot’ file to ‘sites-enabled’ directory you will enable the Askbot virtual host file.

ln -s /etc/nginx/sites-available/askbot.conf /etc/nginx/sites-enabled/askbot.conf

Run the following command if you want to test the nginx configuration:

nginx -t

That’s it, you have successfully installed Nginx web server and configured for the Askbot Python Django app.

Of course, you don’t have to install, configure and run Askbot on Ubuntu 16.04, if you use one of our outsourced Linux server support services in which case you can simply ask our expert Linux admins to install and configure Askbot on Ubuntu 16.04 for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post on how to install, configure and run AskBot with Let’s Encrypt SSL on Ubuntu 16.04, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Install, Configure and Run AskBot with Let’s Encrypt SSL on Ubuntu 16.04 appeared first on LinuxHostSupport.

Let’s Encrypt has an automated installer called Certbot. With Certbot you can very easily add a certificate to your site in just a couple of minutes. Certbot can be used on both Nginx and Apache server and it is supported on various Linux distributions such us Ubuntu, Debian or CentOS. For the purposes of this tutorial, we will show you how to install Let’s Encrypt SSL certificate on Ubuntu 16.04 with Apache web server.

1. Install Certbot

To install Certbot, simply run the following commands:

apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache

2. Install Let’s Encrypt SSL Certificate

To install a Let’s Encrypt SSL certificate on your domain, execute the following command (make sure you replace ‘yourdomain.com’ with your actual domain name):

certbot --apache -d yourdomain.com

You will then be asked for an email address and to read and accept the Terms of Services. This is how the output should look like during the installation:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@yourdomain.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for yourdomian.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

3. Redirect HTTP to HTTPS

Additionally, you can also make a choice if you would like to redirect all the HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://yourdomain.com

4. Automatic renewal

You can also create a cron job in order to set up an automatic SSL renewal. To do this first run:

crontab -e

and then add the following:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save the file and close it. Restart the cron service so the changes can take effect:

service cron restart

That’s it. You can now open https://yourdomain.com in your browser and verify whether the Let’s Encrypt SSL certificate has been installed properly.

Of course, you don’t have to install Let’s Encrypt SSL Certificate using Certbot if you use one of our Linux Server Support Services in which case you can simply ask our expert Linux admins to install Let’s Encrypt using Certbot for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to install Let’s Encrypt SSL Certificate using Certbot, please share it with your friends on the social networks using the buttons on the right or simply leave a reply below. Thanks.

The post Install Let’s Encrypt SSL Certificates using Certbot appeared first on LinuxHostSupport.

1. Update the system

As usual make sure the system is fully up to date before installing any packages:

# yum -y update

2. Install Apache

We are going to use Apache as our web server, install it using this command:

# yum -y install httpd

3. Install mod_ssl

Install mod_ssl as well as we are going to need it to configure our Let’s Encrypt SSL certificate:

# yum -y install mod_ssl

4. Configure Apache

Create a document root folder for your site:

# mkdir /var/www/test

Create a virtual host config file for your site by opening it with nano and then pasting the following contents inside:

# nano /etc/httpd/conf.d/test-site.conf

<VirtualHost *:80>
    ServerAdmin admin@test.com
    DocumentRoot "/var/www/test"
    ServerName test.com
    ServerAlias www.test.com
    ErrorLog "/var/log/httpd/test.error_log"
    CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>

Add a index.html file for testing purposes later with the following contents:

# nano /var/www/test/index.html

It works!

Change owner of the “/var/www/test” directory to the apache user so Apache can read the directory:

# chown -R apache:apache /var/www/test

Remember to change “test” for your site’s name.
Now that we have Apache installed we can continue by installing certbot.

5. Install certbot

To install certbot first we need to make sure we have the EPEL repository enabled, to do that execute the following command:

# yum -y install epel-release

Make sure yum-utils is installed:

# yum -y install yum-utils

Then install certbot for Apache:

# yum -y install certbot-apache

Now that we have certbot installed, run certbot with the following command:

# certbot --apache

Certbot will ask you for the names you would like to activate HTTPS for:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: test.com
2: www.test.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Press enter to continue and then optionally if you want you can redirect your sites to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

If everything goes well you should see the following output:

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://test.com and https://www.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=test.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com
-------------------------------------------------------------------------------

6. Configure automatic renewal

Now we are going to add a cronjob so our Let’s Encrypt SSL certificates can be renewed automatically.

First run the following command so we can have nano as the default editor:

# export EDITOR=/bin/nano

Then execute the following command to edit the crontab:

# crontab -e

Let’s Encrypt recommends the automatic renew cronjob to run twice a day, to do that add the following line and then save and exit the crontab:

* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

Now you should have successfully installed and configured Let’s Encrypt with Apache.

Of course you don’t have to install Let’s Encrypt on CentOS 7 with Apache, if you use one of our outsourced Linux server support services, in which case you can simply ask our expert Linux admins to install Let’s Encrypt SSL certificate on your server with Apache. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to install Let’s Encrypt on CentOS 7 with Apache, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to install Let’s Encrypt on CentOS 7 with Apache appeared first on LinuxHostSupport.

1. Requirements

In order to start with the installation procedure, you need to have Apache or Nginx installed on your server. If there is no web server installed on your virtual server, please follow this tutorial to install Apache.
Also, you need a registered domain name with its A record pointing to your server’s IP address.  For the purposes of this tutorial, we will use ‘yourdomain.com’.

2. Install CertBot

Run the following commands:

sudo apt-get install software-properties-common python-software-properties
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

3. Install Let’s Encrypt SSL

Install Let’s Encrypt SSL certificate on your domain (do not forget to replace ‘yourdomain.com’ with your actual domain):

sudo certbot --apache -d yourdomain.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@yourdomain.com 

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for linuxhostsupport.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

4. Redirect HTTP traffic to HTTPS

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://yourdomain.com

5. Renew the SSL certificate with a cron job

Create a cron job so the SSL certificate is renewed automatically. Run:

crontab -e

and add the following line:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save and close that file and restart cron service for the changes to take effect:

service cron restart

Open https://yourdomain.com in your favorite web browser, and check whether Let’s Encrypt SSL is installed properly:

That is it. Let’s Encrypt SSL certificate has been successfully installed on your website.

Of course you don’t have to Install Let’s Encrypt with Apache on Ubuntu 16.04, if you use one of our Linux Server Support services, in which case you can simply ask our expert Linux admins to  install Let’s Encrypt SSL certificate on Ubuntu 16.04 for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post on How to Install Let’s Encrypt with Apache on Ubuntu 16, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

The post How to Install Let’s Encrypt with Apache on Ubuntu 16.04 appeared first on LinuxHostSupport.